| 基于虚拟机技术的进程分析方法 |
| |
| 引用本文: | 高勇,范明钰.基于虚拟机技术的进程分析方法[J].计算机应用,2010,30(5):1327-1330. |
| |
| 作者姓名: | 高勇 范明钰 |
| |
| 作者单位: | 1. 电子科技大学计算机科学与工程学院2. 电子科技大学计算机科学与工程学院;电子科技大学信息安全研究中心 |
| |
| 基金项目: | 国家863计划项目(2009AA01Z403;2009AA01Z435) |
| |
| 摘 要: | 针对现有进程分析方法存在的缺陷,提出了一种在Windows平台虚拟环境下分析进程的方法。该方法首先在宿主机下分析虚拟机的内存,捕捉当前线程,并通过内核数据结构得到当前线程所在进程, 然后通过页目录表物理地址计算进程页面,对内存进行清零来结束进程。实例分析表明本方法在保护宿主机安全的同时,能快速监测到程序,并且可以有效地结束进程。
|
| 关 键 词: | 虚拟机 内核 进程 CR3 |
| 收稿时间: | 2009-11-26 |
| 修稿时间: | 2010-01-25 |
Process analyzing method based on virtual machine |
| |
| GAO Yong,FAN Ming-yu.Process analyzing method based on virtual machine[J].journal of Computer Applications,2010,30(5):1327-1330. |
| |
| Authors: | GAO Yong FAN Ming-yu |
| |
| Affiliation: | 1.School of Computer Science and Engineering/a>;University of Electronic Science and Technology of China/a>;Chengdu Sichuan 610054/a>;China/a>;2.Research Center of Information Security/a>;China |
| |
| Abstract: | In view of the shortcomings of the existing process analyzing methods,a new method was proposed based on virtual environment of Windows platform.This method captured the current thread by analyzing virtual machine's memory under host,got the current process by the kernel data structures,and set zero among the memory to kill the process.The physical address of memory could be worked out by using the base address of page table.The experimental result shows that the proposed method can quickly detect process,e... |
| |
| Keywords: | CR3 |
| 本文献已被 CNKI 万方数据 等数据库收录! |
| 点击此处可从《计算机应用》浏览原始摘要信息 |
|
点击此处可从《计算机应用》下载全文 |
